| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 }; | 83 }; |
| 84 | 84 |
| 85 // A mock ReportSenderInterface that just remembers the latest report | 85 // A mock ReportSenderInterface that just remembers the latest report |
| 86 // URI and report to be sent. | 86 // URI and report to be sent. |
| 87 class MockCertificateReportSender | 87 class MockCertificateReportSender |
| 88 : public TransportSecurityState::ReportSenderInterface { | 88 : public TransportSecurityState::ReportSenderInterface { |
| 89 public: | 89 public: |
| 90 MockCertificateReportSender() {} | 90 MockCertificateReportSender() {} |
| 91 ~MockCertificateReportSender() override {} | 91 ~MockCertificateReportSender() override {} |
| 92 | 92 |
| 93 void Send(const GURL& report_uri, const std::string& report) override { | 93 void Send(const GURL& report_uri, |
| 94 base::StringPiece content_type, |
| 95 base::StringPiece report) override { |
| 94 latest_report_uri_ = report_uri; | 96 latest_report_uri_ = report_uri; |
| 95 latest_report_ = report; | 97 report.CopyToString(&latest_report_); |
| 98 content_type.CopyToString(&latest_content_type_); |
| 96 } | 99 } |
| 97 | 100 |
| 98 void SetErrorCallback( | 101 void SetErrorCallback( |
| 99 const base::Callback<void(const GURL&, int)>& error_callback) override {} | 102 const base::Callback<void(const GURL&, int)>& error_callback) override {} |
| 100 | 103 |
| 101 void Clear() { | 104 void Clear() { |
| 102 latest_report_uri_ = GURL(); | 105 latest_report_uri_ = GURL(); |
| 103 latest_report_ = std::string(); | 106 latest_report_ = std::string(); |
| 107 latest_content_type_ = std::string(); |
| 104 } | 108 } |
| 105 | 109 |
| 106 const GURL& latest_report_uri() { return latest_report_uri_; } | 110 const GURL& latest_report_uri() { return latest_report_uri_; } |
| 107 const std::string& latest_report() { return latest_report_; } | 111 const std::string& latest_report() { return latest_report_; } |
| 112 const std::string& latest_content_type() { return latest_content_type_; } |
| 108 | 113 |
| 109 private: | 114 private: |
| 110 GURL latest_report_uri_; | 115 GURL latest_report_uri_; |
| 111 std::string latest_report_; | 116 std::string latest_report_; |
| 117 std::string latest_content_type_; |
| 112 }; | 118 }; |
| 113 | 119 |
| 114 // A mock ReportSenderInterface that simulates a net error on every report sent. | 120 // A mock ReportSenderInterface that simulates a net error on every report sent. |
| 115 class MockFailingCertificateReportSender | 121 class MockFailingCertificateReportSender |
| 116 : public TransportSecurityState::ReportSenderInterface { | 122 : public TransportSecurityState::ReportSenderInterface { |
| 117 public: | 123 public: |
| 118 MockFailingCertificateReportSender() : net_error_(ERR_CONNECTION_FAILED) {} | 124 MockFailingCertificateReportSender() : net_error_(ERR_CONNECTION_FAILED) {} |
| 119 ~MockFailingCertificateReportSender() override {} | 125 ~MockFailingCertificateReportSender() override {} |
| 120 | 126 |
| 121 int net_error() { return net_error_; } | 127 int net_error() { return net_error_; } |
| 122 | 128 |
| 123 // TransportSecurityState::ReportSenderInterface: | 129 // TransportSecurityState::ReportSenderInterface: |
| 124 void Send(const GURL& report_uri, const std::string& report) override { | 130 void Send(const GURL& report_uri, |
| 131 base::StringPiece content_type, |
| 132 base::StringPiece report) override { |
| 125 ASSERT_FALSE(error_callback_.is_null()); | 133 ASSERT_FALSE(error_callback_.is_null()); |
| 126 error_callback_.Run(report_uri, net_error_); | 134 error_callback_.Run(report_uri, net_error_); |
| 127 } | 135 } |
| 128 | 136 |
| 129 void SetErrorCallback( | 137 void SetErrorCallback( |
| 130 const base::Callback<void(const GURL&, int)>& error_callback) override { | 138 const base::Callback<void(const GURL&, int)>& error_callback) override { |
| 131 error_callback_ = error_callback; | 139 error_callback_ = error_callback; |
| 132 } | 140 } |
| 133 | 141 |
| 134 private: | 142 private: |
| (...skipping 197 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 332 const SSLInfo& ssl_info, | 340 const SSLInfo& ssl_info, |
| 333 const std::string& ocsp_response, | 341 const std::string& ocsp_response, |
| 334 const std::string& response_status, | 342 const std::string& response_status, |
| 335 const std::string& cert_status) { | 343 const std::string& cert_status) { |
| 336 // Expect-Staple is preload list based, so we use the baked-in test hostname | 344 // Expect-Staple is preload list based, so we use the baked-in test hostname |
| 337 // from the list ("preloaded-expect-staple.badssl.com"). | 345 // from the list ("preloaded-expect-staple.badssl.com"). |
| 338 HostPortPair host_port(kExpectStapleStaticHostname, 443); | 346 HostPortPair host_port(kExpectStapleStaticHostname, 443); |
| 339 state->SetReportSender(reporter); | 347 state->SetReportSender(reporter); |
| 340 state->CheckExpectStaple(host_port, ssl_info, ocsp_response); | 348 state->CheckExpectStaple(host_port, ssl_info, ocsp_response); |
| 341 EXPECT_EQ(GURL(kExpectStapleStaticReportURI), reporter->latest_report_uri()); | 349 EXPECT_EQ(GURL(kExpectStapleStaticReportURI), reporter->latest_report_uri()); |
| 350 EXPECT_EQ("application/json; charset=utf-8", reporter->latest_content_type()); |
| 342 std::string serialized_report = reporter->latest_report(); | 351 std::string serialized_report = reporter->latest_report(); |
| 343 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( | 352 EXPECT_NO_FATAL_FAILURE(CheckSerializedExpectStapleReport( |
| 344 serialized_report, host_port, ssl_info, ocsp_response, response_status, | 353 serialized_report, host_port, ssl_info, ocsp_response, response_status, |
| 345 cert_status)); | 354 cert_status)); |
| 346 } | 355 } |
| 347 | 356 |
| 348 } // namespace | 357 } // namespace |
| 349 | 358 |
| 350 class TransportSecurityStateTest : public testing::Test { | 359 class TransportSecurityStateTest : public testing::Test { |
| 351 public: | 360 public: |
| (...skipping 1085 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1437 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 1446 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1438 state.CheckPublicKeyPins( | 1447 state.CheckPublicKeyPins( |
| 1439 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1448 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1440 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1449 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1441 | 1450 |
| 1442 // Now a report should have been sent. Check that it contains the | 1451 // Now a report should have been sent. Check that it contains the |
| 1443 // right information. | 1452 // right information. |
| 1444 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1453 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1445 std::string report = mock_report_sender.latest_report(); | 1454 std::string report = mock_report_sender.latest_report(); |
| 1446 ASSERT_FALSE(report.empty()); | 1455 ASSERT_FALSE(report.empty()); |
| 1456 EXPECT_EQ("application/json; charset=utf-8", |
| 1457 mock_report_sender.latest_content_type()); |
| 1447 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, | 1458 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, |
| 1448 cert1.get(), cert2.get(), | 1459 cert1.get(), cert2.get(), |
| 1449 good_hashes)); | 1460 good_hashes)); |
| 1450 mock_report_sender.Clear(); | 1461 mock_report_sender.Clear(); |
| 1451 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 1462 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1452 state.CheckPublicKeyPins(subdomain_host_port_pair, true, bad_hashes, | 1463 state.CheckPublicKeyPins(subdomain_host_port_pair, true, bad_hashes, |
| 1453 cert1.get(), cert2.get(), | 1464 cert1.get(), cert2.get(), |
| 1454 TransportSecurityState::ENABLE_PIN_REPORTS, | 1465 TransportSecurityState::ENABLE_PIN_REPORTS, |
| 1455 &failure_log)); | 1466 &failure_log)); |
| 1456 | 1467 |
| 1457 // Now a report should have been sent for the subdomain. Check that it | 1468 // Now a report should have been sent for the subdomain. Check that it |
| 1458 // contains the right information. | 1469 // contains the right information. |
| 1459 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1470 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1460 report = mock_report_sender.latest_report(); | 1471 report = mock_report_sender.latest_report(); |
| 1461 ASSERT_FALSE(report.empty()); | 1472 ASSERT_FALSE(report.empty()); |
| 1473 EXPECT_EQ("application/json; charset=utf-8", |
| 1474 mock_report_sender.latest_content_type()); |
| 1462 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair, | 1475 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, subdomain_host_port_pair, |
| 1463 true, kHost, cert1.get(), cert2.get(), | 1476 true, kHost, cert1.get(), cert2.get(), |
| 1464 good_hashes)); | 1477 good_hashes)); |
| 1465 } | 1478 } |
| 1466 | 1479 |
| 1467 // Tests that a histogram entry is recorded when TransportSecurityState | 1480 // Tests that a histogram entry is recorded when TransportSecurityState |
| 1468 // fails to send an HPKP violation report. | 1481 // fails to send an HPKP violation report. |
| 1469 TEST_F(TransportSecurityStateTest, UMAOnHPKPReportingFailure) { | 1482 TEST_F(TransportSecurityStateTest, UMAOnHPKPReportingFailure) { |
| 1470 base::HistogramTester histograms; | 1483 base::HistogramTester histograms; |
| 1471 const std::string histogram_name = "Net.PublicKeyPinReportSendingFailure2"; | 1484 const std::string histogram_name = "Net.PublicKeyPinReportSendingFailure2"; |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1562 // violation. | 1575 // violation. |
| 1563 ssl_info.public_key_hashes.clear(); | 1576 ssl_info.public_key_hashes.clear(); |
| 1564 for (size_t i = 0; kBadPath[i]; i++) | 1577 for (size_t i = 0; kBadPath[i]; i++) |
| 1565 EXPECT_TRUE(AddHash(kBadPath[i], &ssl_info.public_key_hashes)); | 1578 EXPECT_TRUE(AddHash(kBadPath[i], &ssl_info.public_key_hashes)); |
| 1566 | 1579 |
| 1567 EXPECT_TRUE( | 1580 EXPECT_TRUE( |
| 1568 state.ProcessHPKPReportOnlyHeader(header, host_port_pair, ssl_info)); | 1581 state.ProcessHPKPReportOnlyHeader(header, host_port_pair, ssl_info)); |
| 1569 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1582 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1570 std::string report = mock_report_sender.latest_report(); | 1583 std::string report = mock_report_sender.latest_report(); |
| 1571 ASSERT_FALSE(report.empty()); | 1584 ASSERT_FALSE(report.empty()); |
| 1585 EXPECT_EQ("application/json; charset=utf-8", |
| 1586 mock_report_sender.latest_content_type()); |
| 1572 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, | 1587 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport(report, host_port_pair, true, kHost, |
| 1573 cert1.get(), cert2.get(), | 1588 cert1.get(), cert2.get(), |
| 1574 ssl_info.public_key_hashes)); | 1589 ssl_info.public_key_hashes)); |
| 1575 } | 1590 } |
| 1576 | 1591 |
| 1577 // Tests that Report-Only reports are not sent on certs that chain to | 1592 // Tests that Report-Only reports are not sent on certs that chain to |
| 1578 // local roots. | 1593 // local roots. |
| 1579 TEST_F(TransportSecurityStateTest, HPKPReportOnlyOnLocalRoot) { | 1594 TEST_F(TransportSecurityStateTest, HPKPReportOnlyOnLocalRoot) { |
| 1580 HostPortPair host_port_pair(kHost, kPort); | 1595 HostPortPair host_port_pair(kHost, kPort); |
| 1581 GURL report_uri(kReportUri); | 1596 GURL report_uri(kReportUri); |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1688 std::string failure_log; | 1703 std::string failure_log; |
| 1689 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, | 1704 EXPECT_EQ(TransportSecurityState::PKPStatus::VIOLATED, |
| 1690 state.CheckPublicKeyPins( | 1705 state.CheckPublicKeyPins( |
| 1691 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), | 1706 host_port_pair, true, bad_hashes, cert1.get(), cert2.get(), |
| 1692 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); | 1707 TransportSecurityState::ENABLE_PIN_REPORTS, &failure_log)); |
| 1693 | 1708 |
| 1694 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); | 1709 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri()); |
| 1695 | 1710 |
| 1696 std::string report = mock_report_sender.latest_report(); | 1711 std::string report = mock_report_sender.latest_report(); |
| 1697 ASSERT_FALSE(report.empty()); | 1712 ASSERT_FALSE(report.empty()); |
| 1713 EXPECT_EQ("application/json; charset=utf-8", |
| 1714 mock_report_sender.latest_content_type()); |
| 1698 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport( | 1715 ASSERT_NO_FATAL_FAILURE(CheckHPKPReport( |
| 1699 report, host_port_pair, pkp_state.include_subdomains, pkp_state.domain, | 1716 report, host_port_pair, pkp_state.include_subdomains, pkp_state.domain, |
| 1700 cert1.get(), cert2.get(), pkp_state.spki_hashes)); | 1717 cert1.get(), cert2.get(), pkp_state.spki_hashes)); |
| 1701 } | 1718 } |
| 1702 | 1719 |
| 1703 // Tests that report URIs are thrown out if they point to the same host, | 1720 // Tests that report URIs are thrown out if they point to the same host, |
| 1704 // over HTTPS, for which a pin was violated. | 1721 // over HTTPS, for which a pin was violated. |
| 1705 TEST_F(TransportSecurityStateTest, HPKPReportUriToSameHost) { | 1722 TEST_F(TransportSecurityStateTest, HPKPReportUriToSameHost) { |
| 1706 HostPortPair host_port_pair(kHost, kPort); | 1723 HostPortPair host_port_pair(kHost, kPort); |
| 1707 GURL https_report_uri("https://example.test/report"); | 1724 GURL https_report_uri("https://example.test/report"); |
| (...skipping 613 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2321 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", | 2338 base::FieldTrialList::CreateFieldTrial("EnforceCTForProblematicRoots", |
| 2322 "disabled"); | 2339 "disabled"); |
| 2323 | 2340 |
| 2324 EXPECT_FALSE( | 2341 EXPECT_FALSE( |
| 2325 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); | 2342 state.ShouldRequireCT("www.example.com", before_cert.get(), hashes)); |
| 2326 EXPECT_FALSE( | 2343 EXPECT_FALSE( |
| 2327 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); | 2344 state.ShouldRequireCT("www.example.com", after_cert.get(), hashes)); |
| 2328 } | 2345 } |
| 2329 | 2346 |
| 2330 } // namespace net | 2347 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2365353004:
Add Content-Type header to net::ReportSender reports (Closed)
